Diffstat (limited to 'mod/profile/icondirect.php')
-rw-r--r--mod/profile/icondirect.php20
1 files changed, 3 insertions, 17 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index 8a46786ab..c84955fa5 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -16,8 +16,6 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
global $CONFIG;
-
-$username = $_GET['username'];
$joindate = (int)$_GET['joindate'];
$guid = (int)$_GET['guid'];
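Review bot: With `$username` gone, `$guid` is now the only key into both the on-disk icon path and the `get_entity()` fallback, yet `(int)$_GET['guid']` silently turns a missing or non-numeric parameter into 0 (and emits a notice when the key is absent). A request that cannot name a valid user should stop here rather than run the database lookup and the filesystem read with guid 0: `if (!isset($_GET['guid']) || $guid <= 0) { header('HTTP/1.1 400 Bad Request'); exit; }`. The same applies to `$joindate`, which feeds `date()` on the new side of the later hunk. This hunk appears to have lost blank context lines in rendering, so the exact extent of the surrounding top-level code is not fully visible.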
@@ -26,20 +24,6 @@ if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) {
$size = "medium";
}
-// security check on username string
-if ( (strpos($username, '/')!==false) ||
- (strpos($username, '\\')!==false) ||
- (strpos($username, '"')!==false) ||
- (strpos($username, '\'')!==false) ||
- (strpos($username, '*')!==false) ||
- (strpos($username, '&')!==false) ||
- (strpos($username, ' ')!==false) ) {
- // these characters are not allowed in usernames
- exit;
-}
-
-
-
$mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true);
if ($mysql_dblink) {
if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
@@ -65,7 +49,7 @@ if ($mysql_dblink) {
// first try to read icon directly
$user_path = date('Y/m/d/', $joindate) . $guid;
- $filename = $dataroot . $user_path . "/profile/" . $username . $size . ".jpg";
+ $filename = "$dataroot$user_path/profile/{$guid}{$size}.jpg";
$contents = @file_get_contents($filename);
if (!empty($contents)) {
header("Content-type: image/jpeg");
@@ -86,4 +70,6 @@ if ($mysql_dblink) {
// simplecache is not turned on or something went wrong so load engine and try that way
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+$user = get_entity($guid);
+set_input('username', $user->username);
require_once(dirname(__FILE__).'/icon.php');
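Review bot: `set_input('username', $user->username)` dereferences the result of `get_entity($guid)` without checking that an entity was returned or that it is a user; for an unknown or inaccessible guid this presumably yields a notice and hands `null` to `icon.php`, which then has no username to work with. A guard between the two added lines makes the failure explicit: `if (!$user instanceof ElggUser) { header('HTTP/1.1 404 Not Found'); exit; }` (adjust the check if the engine signals a missing entity differently). A one-line comment above the lookup, `// engine fallback: resolve the owner by guid so icon.php can locate the icon by username`, would also record why the username is re-derived here after being dropped from the request.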